Malicious Domain Request 22 only when Vivaldi is open
-
Norton 360 reports a Malicious Domain Request 22, which is a redirect for more adds or other exploits. This started a few days ago, and only happens when Vivaldi is open. Closing all tabs doesn't stop it. I cleared all cache, history and cookies, and it made no difference.
Norton scans and Eraser found no issues, nor did AdwCleaner, HitmanPro or SpyHunter. I'm about to the point of uninstalling Vivaldi, but am looking for any help that might fix the problem.
thanks
--tks -
@TKS55 Hi, welcome to the Vivaldi Community
What domain is being requested?
Most likely you've installed an extension or a service worker has been installed by a site that does this.
-
@TKS55 try a scan with zemana too
-
Which extensions do you have installed.have you tried a packet sniffer to see where connection is connecting to.?
Have you tried without any extensions installed.?
Maybe a fresh re-install of vivaldi would help. -
Hi thanks for all the replies...
The host being blocked: https://qdzdi.eadywritic.top
and the IP is: 54.237.125.12, 443I've removed all extensions and cleared cache, history and cookies. I'll try uninstalling and re installing to see if I can get rid of this. If I use Chrome I don't get these warnings only with Vivaldi open.
Hadden89 I've never heard of zemana, and relatively unknown malware programs scare me as they are often a source of more problems rather than a solution to any. What is your experience with it?
thanks
--tks -
@Pathduck I've uninstalled the two extensions I had (Evernote and LastPass) and still get the problem. What do you mean by "service worker" I'm not sure what you referring to. If it were a process or windows service I would think that it would not be dependant on Vivaldi being open... am I missing something?
--tks
-
@TKS55 Go to
chrome://serviceworker-internalsand unregister all entries. -
@hlehyaric said in Malicious Domain Request 22 only when Vivaldi is open:
chrome://serviceworker-internals
Wow. I was completely unaware of "service workers". There was one that matched the URL of the problem. I did unregister all of them. I'll see if that solves the problem.
I've learned something new today! Thanks (Pathduck too, who first mentioned service workers...)
--tks -
@TKS55 i used zemana a lot. Is a great antimalware tool which helped me in past to remove annoying infections whereas other antivirus failed. And yeah, sadly service workers are abused by some sites.
-
@hlehyaric & @Pathduck SOLVED!
Removing the service workers seems to have solved the problem.
As I mentioned previously, when I opened the service workers as shown by @hlehyaric , I found one with the same URL as the redirect that was causing the malicious domain request. I deselected ALL service workers (even though just doing the matching one might have worked) and the problem has not come back since. I'm willing to call this one solved!
Thank you all for helping.
-
@TKS55 Great! Service Workers are a PITA and serve no useful purpose other than nag users and do stuff in the background even when a page is closed. If the SW was from a site you visit regularly, you can be assured it will be back.
If you like me hate the little buggers you can get rid of them by using Cookie Autodelete and turning off Keep Service Workers in the default rules. This way they will be deleted once tabs are closed, but not break anything if they're needed for functionality on the site when it's open.
Or you can use uBlock Origin and block the ones you get most from even registering with some simple rules:
||twitter.com/sw.js ||finn.no/sw.js ||youtube.com/sw.js ||quora.com/sw.jsUpdate: here's an article about a potential attack vector for abusing Service Workers to run botnets or crypto-miners (as if push notifications weren't bad enough). Only theoretical, for now that is...
https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/ -
Ppafflick unlocked this topic on -
Ppafflick moved this topic from Vivaldi for Windows on
